Skip to main content

Mondoo 10.2 is out!

ยท 4 min read
Mondoo Core Team
Mondoo Core Team

๐Ÿฅณ Mondoo 10.2 is out! This release includes key improvements in known exploitable vulnerability tracking, Slack team scanning, improvements to the space overview screen, and more!โ€‹

Get this release: Installation Docs | Package Downloads | Docker Container


Additional sources for CVEs and advisoriesโ€‹

For vulnerabilities that have known exploits in the wild, Mondoo now provides a link to the external citation from the CVE page:

  • For software vulnerabilities listed in the CISA Known Exploited Vulnerability (KEV) catalog, Mondoo now provides a link to the catalog entry.

  • For software vulnerabilities listed in Metasploit, Mondoo now provides a link to exploit in the Metasploit source repository.

CVE with Metasploit

Find top vulnerabilities for spacesโ€‹

The space overview now shows the top vulnerability in the space, as determined by the ratio of impacted assets and CVSS score.

Space overview with top vulnerability

slack.users performance improvementsโ€‹

We continue to optimize fetching Slack data for large Slack workspaces. New optimizations for user fetching result in query times up to 25x faster.

New sshd.config.blocks fieldโ€‹

The ssh.config resource now includes a new blocks field that allows you to query configuration data defined in individual sshd match groups.

For example, if you have an sshd configuration file with a match group for sftp-users:

X11Forwarding yes

Match Group sftp-users
X11Forwarding no
PermitRootLogin no
AllowTCPForwarding yes

Previously using the sshd.config.params field would show you both instances of the X11Forwarding configuration without the context necessary to understand where this configuration is applied:

> sshd.config.params.X11Forwarding

Using blocks you can dive deeper to see exactly which users get each configuration option:

> sshd.config.blocks { criteria params }
sshd.config.blocks: [
0: {
criteria: ""
params: {
X11Forwarding: "yes"
1: {
criteria: "Group sftp-users"
params: {
AllowTcpForwarding: "yes"
PermitRootLogin: "no"
X11Forwarding: "no"


  • More consistent asset names on *nix-based assets.
  • Fix infinite loading of the integrations sidebar.
  • Improve display of platforms in variant policies.
  • Improve the description of EPSS data on CVE and advisories pages.
  • Improve retries and timeouts for provider downloads.
  • Fix malformed policy downloads from the registry when a policy contains variants.
  • Fix missing platform icons for policies with variants.
  • Fix an error hovering over policies in the registry when colorblind mode is enabled.
  • Use a consistent font size for all exceptions in exception tabs.
  • Ensure all unapproved exceptions are expanded by default in exception tabs.
  • Remove the "Space created" item from the exceptions tabs.
  • Improve rendering of the asset's software list in the print view.
  • Removed failing Azure Entra ID checks from the Mondoo Azure policy.
  • Improved the reliability and output of queries in the CIS Azure and MS 365 benchmark policies.
  • Fix data queries showing as failing checks in the console.
  • Add wrapping for long asset annotation text values on the asset page.
  • Fix failures loading unscored assets.
  • Improve the display of tooltips in light mode.
  • Improve error messages due to authentication failures in the ms365 provider.
  • Fix authentication failures with cnquery run ms365.
  • Avoid running a command more than once in some situations when using the processes resource.
  • Resolve Microsoft 365 integration timeouts due to scan errors.
  • Improve scan time performance by caching failures.
  • Fix a crash in the aws.iam.virtualMfaDevices resource due to insufficient IAM permissions.
  • Fix an error fetching some fields in the aws.cloudtrail.trails resource.
  • Fix an error fetching Microsoft Teams policy data.
  • Resolve a failure to fetch policies when scanning.
  • Improve the counts of checks and queries displayed for assets.